IGMP and Router Firewall

The firewall has blocked IGMP. When using a router with a firewall, which of these options can be used for additional security?

Filter loopback traffic
Block Fragmented IP traffic
Do protocol Analysis
Enable anti-ARP spoofing

Thanks

Hi I’m not certain what your issue is in particular?

If you don’t have an advanced firewall built into your router then you're going to need to lock down and secure Windows.

Most breaching attempts occur via WAN on svchost.exe, system, dllhost.exe among others but the first two are most important.

svchost is required for Internet Explorer to even function at all which just brings a hell storm of attacks over the svchost. I usually set svchost to blocked unless I wanna use Steam because Steam requires iexplore.exe to be outgoing only on top of svchost to outgoing only.

So these days it's literally impossible to be truly secure. Unless you spend all day long on Telnet as a lot of hackers are doing out there these days. It’s all so insanely annoying.

If you want the most secure setup, enable all those options, go to Global Rules and make 9 additional block rules, the first being block ICMP in/out, then move to block IP, then go to IP protocol and create rules for each protocol under TCP and UDP. All protocols other than TCP and UDP are attack opportunities.

The router firewall actually blocks possible intrusion attempts.
If I activate the extra settings Filter loopback traffic and Do Protocol Analysis in CIS for security, is that correct, or may it cause problems with the internet connection speed?

I know if I activate the “Block Fragmented IP traffic” option, I can see the impact on the speed of the internet connection.

Thanks

If I recall correctly it is Do Protocol Analysis that influences speed.

Hello chris89, I made some fine adjustments in Global Rules and now all is right :-TU

My question was about the blocked IGMP entries that appeared a few times in the reports; I wanted to know if they are suspicious, or whether by enabling any of these options the firewall was blocking legitimate communication with the router.

Thanks EricJH for the clarification, I also contacted the ISP and they have corrected a problem that affected the route of packets. :slight_smile:

Hi, I was wondering how you determined packet route abnormality for your ISP? Tell me more about it.

Also the only two protocols u need for normal usage are TCP and UDP. Block everything else globally. Also make sure no app is set to trusted or anything other than outgoing only if u want that app to go online. Otherwise block Windows updates, block Microsoft Windows operating system, block system, block ur anti virus, trust me ur safer because then ur anti virus won't be susceptible to a WAN invasion.

If u want to share, create a network zone ranging from x.x.x.10-20 and set all the PCs u want to share with as an IP in that range and do the same to the other, but as long as ur IP is in the network zone ur golden.

Thx

I reported that the speed was below average; it was not just a matter of configuring the firewall.
There was packet loss in the range that the provider considers their jurisdiction; they conducted internal tests and maintenance, after which the service came back to normal.
Probably they have more tools to identify these issues :stuck_out_tongue:

I believe adjusting and allowing access only to trusted software is a good alternative.
I understand that we can customize the rules to increase the level of control and security, but I think it does not completely neutralize attacks coming from the Internet.

In certain scenarios security by obscurity does not seem to be the best choice.

Thanks chris89 for the tips :slight_smile:

Yeah, for speed the way it works is your ISP has its own usually 2 DNS servers, which is the way your PC connects to the internet. In my opinion make sure the DNS servers are static in your network adapter. First being 8.26.56.26, that’s the primary Comodo DNS server, there’s another IP but I just use the one.

After that you only need to allow outgoing only to the apps u want to get online. In case of issues with iexplore.exe you need to enable svchost.exe to outgoing only, which aids additional speed for the entire system, since svchost can connect to additional servers for faster downloads.

Some new threats I've found in Windows: if u right click on Computer to Manage and go to Shared Folders u will see some shares named C$ etc. These are attack opportunities for hackers to icmp straight in over system on ports 137-139 range so I’d add a rule to system blocking TCP/UDP destination port 137-139 range. There’s a script I found online to delete all those $ shares so no one can tap into ur stuff no way no how. Here’s the script… Just copy and paste into a .txt file you create which you will name Clear-Admin-Shares.bat and make sure it’s a .bat. Then we will drag that newly created .bat file into Start-All Programs-Startup, then run the file and check in Computer - Manage - Shared Folders to make sure all the $ are gone except your own created shares. You can edit the .bat file to add a new drive letter if the drive letters listed in the .bat differ from the drive letters on your system.

It appears after some hours the shares get auto-recreated so let's make a scheduled task to run the .bat every 3-6 hours, I’ll choose 3 just to be extra cautious. Or we can schedule it to run when the computer is idle for 5 min etc which is going to be super safe. So in Manage above shares u see Task Scheduler so create a basic task to run daily and choose to run an application being that .bat file in Startup which is here… C:\Users\YOUR USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Clear-Admin-Shares.bat

Once you create the task open the task properties and configure first from the far left tab and we will move to the right. So have it run if the user is logged in or not and check mark “Do not store password” and configure for Windows 7 or whatever Windows u have. Delete the daily trigger, then start the task only if the computer is idle for say 30 minutes and do not wait for idle, uncheck stop if the computer ceases to be idle, and uncheck restart if the idle state resumes. Then in the Settings tab uncheck allow task to be run on demand, and uncheck everything in Settings except if the running task does not end when requested, force it to stop. The task takes 0.1 seconds to complete and it’ll keep your system secure for eternity. At least keep your data safer than by default which is always good.

For instance when I looked at IPC$ there were 2 connected clients via a WAN destination inbound on my source IP. So by removing the shares no one will be able to tap in. Good Luck! :smiley:


http://i97.photobucket.com/albums/l221/chris2006189/2_zps2bec53c1.jpg


http://i97.photobucket.com/albums/l221/chris2006189/1_zps428f9f1c.jpg


http://i97.photobucket.com/albums/l221/chris2006189/3_zps17d608b9.jpg


http://i97.photobucket.com/albums/l221/chris2006189/4_zpscb53cf62.jpg


http://i97.photobucket.com/albums/l221/chris2006189/5_zps5f3d5afd.jpg

After ur done right click on the task and click run to make sure it starts running and stops automatically.

REM Clear-Admin-Shares.bat: delete the hidden administrative shares.
REM Drive-letter shares; add or remove lines to match the drives on your system.
NET SHARE C$ /DELETE
NET SHARE D$ /DELETE
NET SHARE E$ /DELETE
NET SHARE F$ /DELETE
NET SHARE G$ /DELETE
NET SHARE H$ /DELETE
NET SHARE I$ /DELETE
NET SHARE J$ /DELETE
NET SHARE K$ /DELETE
NET SHARE L$ /DELETE
REM Remaining special shares.
NET SHARE ADMIN$ /DELETE
NET SHARE IPC$ /DELETE
NET SHARE DFS$ /DELETE
NET SHARE COMCFG$ /DELETE
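
An added example, not part of the original post: a read-only PowerShell audit of the administrative shares discussed above, the remote connections open to them, and the registry value that decides whether the Server service recreates them when it starts. It assumes PowerShell 3.0 or later in an elevated prompt; the function name Get-AdminShareAudit is hypothetical.

```powershell
# Added example: read-only audit of administrative shares.
# Assumes PowerShell 3.0+ and an elevated prompt; Get-AdminShareAudit is a hypothetical name.
function Get-AdminShareAudit {
    # Win32_Share.Type is 2147483648 or higher for administrative shares
    # such as C$, ADMIN$ and IPC$ (the high bit marks "admin").
    $adminShares = @(Get-CimInstance -ClassName Win32_Share |
        Where-Object { $_.Type -ge 2147483648 })

    # Remote connections currently open to those shares (what the
    # Shared Folders console shows as connected clients).
    $connections = @(Get-CimInstance -ClassName Win32_ServerConnection -ErrorAction SilentlyContinue |
        Where-Object { $adminShares.Name -contains $_.ShareName })

    # Workstations read AutoShareWks, servers read AutoShareServer.
    # ProductType 1 = workstation, 2 = domain controller, 3 = server.
    $productType = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType
    $valueName = if ($productType -eq 1) { 'AutoShareWks' } else { 'AutoShareServer' }

    # When the value is absent or non-zero, the Server service recreates the
    # drive-letter shares and ADMIN$ each time it starts. IPC$ is not
    # governed by this value.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $params = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $value = $params.$valueName          # $null when the value does not exist
    $autoRecreate = ($null -eq $value) -or ($value -ne 0)

    [pscustomobject]@{
        AdminShares   = $adminShares | Select-Object Name, Path
        Connections   = $connections | Select-Object ShareName, ComputerName, UserName
        RegistryValue = $valueName
        AutoRecreate  = $autoRecreate
    }
}

$audit = Get-AdminShareAudit
$audit.AdminShares | Format-Table -AutoSize
$audit.Connections | Format-Table -AutoSize
"{0}: shares recreated when the Server service starts = {1}" -f $audit.RegistryValue, $audit.AutoRecreate
```

The script changes nothing on the system; it only reports current state, so it can be run before and after the scheduled task to see which shares are present.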

Reading back on “Block Fragmented IP traffic” in the Help section. It can interfere with surfing when enabled when different MTU sizes are in the route. It can slow things down. Please disable it again; it seems only feasible to use when under a DoS attack, which is not something end users are likely to encounter.

Blocking IGMP traffic from the LAN is not something to worry about. There is probably a multimedia device or media software on one of your computers broadcasting its presence.

Thanks EricJH :slight_smile: